From: "Gao, Zhichao"
To: "Fu, Siyuan", "devel@edk2.groups.io", "lersek@redhat.com", "Ni, Ray"
CC: "maciej.rabeda@linux.intel.com"
Subject: Re: [edk2-devel] [PATCH v1] ShellPkg: Fix 'ping' command Ip4 receive flow.
Date: Tue, 31 Mar 2020 14:50:20 +0000
Message-ID: <6dd95320cdd64694803d258a7f781751@intel.com>
References: <20200227110212.1070-1-maciej.rabeda@linux.intel.com>

Acked-by: Zhichao Gao

> -----Original Message-----
> From: Fu, Siyuan
> Sent: Tuesday, March 31, 2020 7:54 PM
> To: devel@edk2.groups.io; lersek@redhat.com; Ni, Ray; Gao, Zhichao
> Cc: maciej.rabeda@linux.intel.com
> Subject: RE: [edk2-devel] [PATCH v1] ShellPkg: Fix 'ping' command Ip4 receive flow.
>
> Reviewed-by: Siyuan Fu
>
> > -----Original Message-----
> > From: devel@edk2.groups.io On Behalf Of Laszlo Ersek
> > Sent: March 25, 2020 19:34
> > To: Ni, Ray; Gao, Zhichao
> > Cc: devel@edk2.groups.io; maciej.rabeda@linux.intel.com
> > Subject: Re: [edk2-devel] [PATCH v1] ShellPkg: Fix 'ping' command Ip4 receive flow.
> >
> > Ray, Zhichao,
> >
> > On 02/27/20 12:02, Maciej Rabeda wrote:
> > > REF: https://bugzilla.tianocore.org/show_bug.cgi?id=2032
> > >
> > > 'ping' command's receive flow utilizes a single Rx token which it
> > > attempts to reuse before recycling the previously received packet.
> > > This causes a situation where under ICMP traffic,
> > > Ping6OnEchoReplyReceived() function will receive an already recycled
> > > packet with EFI_SUCCESS token status and finally dereference invalid
> > > pointers from RxData structure.
> > >
> > > Cc: Ray Ni
> > > Cc: Zhichao Gao
> > > Signed-off-by: Maciej Rabeda
> > > ---
> > > ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c | 9 +++++----
> > > 1 file changed, 5 insertions(+), 4 deletions(-)
> >
> > can you please review this ShellPkg patch? It's been on the list for
> > almost a month now.
> >
> > Thanks
> > Laszlo
> >
> > > diff --git a/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c > > b/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c > > > index 23567fa2c1bb..a3fa32515192 100644 > > > --- a/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c > > > +++ b/ShellPkg/Library/UefiShellNetwork1CommandsLib/Ping.c > > > @@ -614,6 +614,11 @@ Ping6OnEchoReplyReceived ( > > > > > > ON_EXIT: > > > > > > + // > > > + // Recycle the packet before reusing RxToken // > > > + gBS->SignalEvent (Private->IpChoice =3D=3D > > PING_IP_CHOICE_IP6?((EFI_IP6_RECEIVE_DATA*)Private- > > >RxToken.Packet.RxData)->RecycleSignal:((EFI_IP4_RECEIVE_DATA*)Private > > >- RxToken.Packet.RxData)->RecycleSignal); > > > + > > > if (Private->RxCount < Private->SendNum) { > > > // > > > // Continue to receive icmp echo reply packets. 
> > > @@ -632,10 +637,6 @@ ON_EXIT: > > > // > > > Private->Status =3D EFI_SUCCESS; > > > } > > > - // > > > - // Singal to recycle the each rxdata here, not at the end of proc= ess. > > > - // > > > - gBS->SignalEvent (Private->IpChoice =3D=3D > > PING_IP_CHOICE_IP6?((EFI_IP6_RECEIVE_DATA*)Private- > > >RxToken.Packet.RxData)->RecycleSignal:((EFI_IP4_RECEIVE_DATA*)Private > > >- RxToken.Packet.RxData)->RecycleSignal); > > > } > > > > > > /** > > > > > > > > >=20
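
Review bot: the SignalEvent call added directly under ON_EXIT in the first hunk dereferences Private->RxToken.Packet.RxData unconditionally, and because it now sits ahead of the RxCount check, every path that jumps to ON_EXIT runs it first. Please confirm that each of those paths arrives with a valid, not yet recycled RxData, or guard the call with a NULL check, since signalling the same buffer twice or signalling through a NULL RxData would bring back the invalid dereference the commit message describes. The single-line ternary with two casts would also read better as a local EFI_EVENT assigned in an if/else on Private->IpChoice, followed by one SignalEvent call.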
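
Review bot: with the trailing SignalEvent removed in the second hunk, Private->RxToken.Packet.RxData still holds the address of the buffer that was handed back at ON_EXIT, and nothing in the visible lines clears it. Consider setting Private->RxToken.Packet.RxData to NULL right after the recycle signal, so any later use of the stale pointer is caught by a NULL check instead of reading recycled memory. The removed comment also carried the ordering rationale; the new comment could say explicitly that the recycle must come before RxToken is reused.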